Yearn Finance Faces $9 Million Exploit as Attacker Generates Infinite yETH Tokens

Yearn Finance recently disclosed a significant security breach involving its legacy yETH product, which was exploited by an attacker who managed to create an enormous quantity of counterfeit tokens. This incident allowed the perpetrator to exchange these fraudulent tokens for genuine assets, resulting in a staggering loss of approximately $9 million.

On November 30, 2025, alerts from on-chain monitoring systems and official statements from the protocol indicated that the attacker executed a single transaction that generated a near-infinite supply of yETH tokens. These tokens were then used to withdraw Ethereum (ETH) and liquid-staking derivatives from various liquidity pools.

Understanding the Exploit Mechanism

The exploit stemmed from a vulnerability in the minting logic of the yETH token. Reports indicate that the attacker was able to generate an astonishing 235 trillion tokens in a single transaction. These worthless tokens were then swiftly exchanged for real assets from liquidity pools on platforms like Balancer and Curve, effectively draining the liquidity in a matter of minutes. Security analysts and blockchain monitors observed the minting and the subsequent asset swaps occurring in rapid succession on-chain.
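The kind of supply check an on-chain monitor can run against such a mint is sketched below as an added example; it is not Yearn's code or any monitoring vendor's. It assumes ERC-20 style Transfer logs, where a mint is a transfer from the zero address, and the threshold, starting supply, transaction labels and holder names are all constructed for illustration.

```python
from decimal import Decimal

ZERO_ADDRESS = "0x" + "00" * 20   # ERC-20 mints/burns are Transfers from/to this address
MAX_MINT_RATIO = Decimal("0.25")  # assumed alert threshold: net mint > 25% of prior supply

# Constructed sample Transfer logs (whole-token amounts); tx ids and holders are placeholders.
SAMPLE_EVENTS = [
    {"tx": "tx-deposit", "from": ZERO_ADDRESS, "to": "holder-a", "amount": "50"},
    {"tx": "tx-roundtrip", "from": ZERO_ADDRESS, "to": "holder-b", "amount": "4000"},
    {"tx": "tx-roundtrip", "from": "holder-b", "to": ZERO_ADDRESS, "amount": "4000"},
    {"tx": "tx-spike", "from": ZERO_ADDRESS, "to": "holder-c", "amount": "235000000000000"},
    {"tx": "tx-spike", "from": "holder-c", "to": "pool-x", "amount": "235000000000000"},
]

def net_mint_by_tx(events):
    """Sum mints minus burns per transaction, keeping first-seen order."""
    net = {}
    for ev in events:
        amount = Decimal(ev["amount"])
        delta = Decimal(0)
        if ev["from"] == ZERO_ADDRESS:
            delta += amount
        if ev["to"] == ZERO_ADDRESS:
            delta -= amount
        net[ev["tx"]] = net.get(ev["tx"], Decimal(0)) + delta
    return net

def find_anomalous_mints(events, starting_supply, max_ratio=MAX_MINT_RATIO):
    """Flag transactions whose net mint exceeds max_ratio of the supply before them."""
    supply = Decimal(starting_supply)
    alerts = []
    for tx, minted in net_mint_by_tx(events).items():
        # With no prior supply any mint is unbounded growth, so compare against one token.
        baseline = supply if supply > 0 else Decimal(1)
        if minted > 0 and minted / baseline > max_ratio:
            alerts.append({"tx": tx, "minted": minted, "supply_before": supply})
        supply += minted
    return alerts

if __name__ == "__main__":
    for alert in find_anomalous_mints(SAMPLE_EVENTS, starting_supply="10000"):
        print(alert)
```

Netting mints against burns per transaction keeps a mint-and-burn round trip from raising an alert, while a mint that dwarfs the existing supply is flagged together with the supply it was measured against.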

Assets Compromised in the Attack

According to various reports, the attacker successfully siphoned off approximately $8 million from the primary yETH stable-swap pool. Additionally, around $0.9 million was extracted from a yETH-WETH liquidity pool. Notably, about 1,000 ETH, valued at roughly $3 million at the time, was transferred to Tornado Cash in an effort to obscure the transaction trail. The attacker converted the counterfeit yETH into a combination of ETH and liquid staking tokens before attempting to launder the stolen funds.

Impact on Yearn Finance’s Core Products

Yearn Finance officials confirmed that the breach was confined to an outdated version of the yETH product and did not affect the more recent V2 and V3 vaults. In response to the incident, deposits into the compromised pool were isolated, allowing the team and external experts to initiate a thorough investigation. This isolation strategy was crucial in safeguarding the majority of user funds held in active vaults from being impacted.

Market Reactions and Broader Implications

The news of the exploit triggered a wave of selling pressure across cryptocurrency markets, as traders began to assess the risks associated with integrating liquid staking tokens with custom swap code. Yearn Finance has stated that it is collaborating with external security teams to conduct a post-mortem analysis and to address the identified vulnerabilities. Reports indicate that these teams include external auditors and blockchain investigators who are actively tracking the stolen funds and exploring recovery options.

In light of the incident, Yearn Finance issued a notice to users regarding the affected legacy product and urged caution while the review process is ongoing. The protocol’s commitment to transparency and security is evident as they work to restore confidence among their user base.


Frequently Asked Questions (FAQ)

What happened during the Yearn Finance exploit?

The Yearn Finance exploit involved an attacker who exploited a flaw in the yETH minting logic, allowing them to create an enormous number of counterfeit tokens. These tokens were then exchanged for real assets, resulting in a loss of approximately $9 million.

How did the attacker manage to mint so many tokens?

The attacker took advantage of a vulnerability in the minting process, generating around 235 trillion yETH tokens in a single transaction, which were then swapped for real assets from liquidity pools.

What measures is Yearn Finance taking in response to the breach?

Yearn Finance is working with external security teams to investigate the incident, patch vulnerabilities, and track the stolen funds. They have isolated the affected pool to protect user funds in other vaults.

Will this incident affect other Yearn Finance products?

The breach was limited to an older version of the yETH product and did not impact Yearn’s V2 and V3 vaults, which remain secure.

What should users do in light of this incident?

Users are advised to exercise caution and stay informed about the ongoing investigation. Yearn Finance has issued warnings regarding the affected legacy product and is committed to transparency throughout the recovery process.
